Opened 7 years ago

Last modified 21 months ago

#6152 assigned defect

User can modify members for other modules

Reported by: axton.grams@… Owned by: rjollos
Priority: highest Component: SvnAuthzAdminPlugin
Severity: critical Keywords:
Cc: rjollos Trac Release: 0.11

Description (last modified by rjollos)


  1. User is authenticated against a project (projA)
  2. User has TRAC_ADMIN Access for projA
  3. User enters a path for another project with the following structure:
  4. User adds a path member to / -> axton

Then member axton will have access to module:path

Attachments (0)

Change History (5)

comment:1 Changed 7 years ago by otaku42

  • Description modified (diff)

comment:2 Changed 6 years ago by sto

That is so because the user needs TRAC_ADMIN permission to use this module and that implies that he or she has VERSIONCONTROL_ADMIN permission.

To avoid this problem I've patched this module to allow it's use with the SVNAUTHZ_ADMIN permission, removing the need to have TRAC_ADMIN permission to be able to edit the file.

My patch is attached to the ticket #7493 (attachment:ticket:7493:svnauthadmin_permission.diff).

comment:3 Changed 6 years ago by rjollos

  • Cc rjollos added; anonymous removed

comment:4 Changed 3 years ago by rjollos

  • Owner changed from kisg to rjollos
  • Status changed from new to assigned

comment:5 Changed 21 months ago by rjollos

  • Description modified (diff)

#11574 closed as a duplicate.

Add Comment

Modify Ticket

as assigned The owner will remain rjollos.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.